Microsoft LAPS: What is it and why you should be using it

Today we're going to talk about Microsoft LAPS. As I'm sure you know, password management within an enterprise environment can be difficult, more so when you consider the management and control of local administrator accounts across all Windows devices. Ensuring that everyone is using their computers with normal low-privileged accounts can be a challenging task, more so when you need to ensure that any local administrator passwords are secure and yet easily managed.

A lot of people will simply use the same password for all local administrator accounts, which can make the management of machines frighteningly easy. However, what happens if one machine is breached and the local credentials are dumped and then broken? The attacker has access to the whole estate.

This is where Microsoft LAPS comes into play. Microsoft Local Administrator Password Solution (LAPS) is a password manager that, when configured, is integrated into Active Directory. LAPS allows domain administrators and/or help desk staff to manage and rotate passwords for local administrative accounts across all Windows devices. Having this tool set up within your Active Directory environment is a great way to ensure that if anyone gains access to an endpoint, any lateral movement is restricted due to having unique passwords across all endpoints.

Another benefit of using LAPS is that it is not reliant upon additional computers, applications or services to manage these passwords; once set up, it's tightly integrated into Active Directory, thereby allowing you to integrate and manage passwords in AD-compatible tools. You can read more about Microsoft LAPS here and you can download the installation package here.

How to setup Microsoft LAPS

Before we begin, there's a small disclaimer up front: installing and configuring LAPS is not as simple as downloading and executing a setup application; there is some manual configuration which is required using PowerShell and Group Policy. If you aren't sure what these are or how to use them, Microsoft does have some good documentation on installing and setting up LAPS; check out the 'LAPS_OperationsGuide.docx' document for more information.

Note: You will need to be an AD Schema administrator for some parts of the setup process.
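
The manual PowerShell configuration mentioned above, sketched as an added example (not code from the original post or from Microsoft's guide). It uses the AdmPwd.PS module that ships with the LAPS management tools; the OU, group and computer names are hypothetical placeholders.

```powershell
# Added example: legacy Microsoft LAPS configuration with the AdmPwd.PS module.
# All names below are hypothetical placeholders; substitute your own.
$ErrorActionPreference = 'Stop'
$WorkstationOU = 'OU=Workstations,DC=example,DC=com'   # hypothetical OU
$HelpDeskGroup = 'EXAMPLE\LAPS-Password-Readers'       # hypothetical group
$TestComputer  = 'WS-0001'                             # hypothetical endpoint

Import-Module AdmPwd.PS

# 1. Extend the AD schema with the two LAPS attributes
#    (ms-Mcs-AdmPwd and ms-Mcs-AdmPwdExpirationTime).
#    This is the step that needs Schema Admins membership.
Update-AdmPwdADSchema

# 2. Allow computer accounts in the OU to write their own password
#    and expiration time into those attributes.
Set-AdmPwdComputerSelfPermission -OrgUnit $WorkstationOU

# 3. Before delegating anything, review who can already read the
#    stored passwords. Unexpected holders here defeat the point of LAPS.
Find-AdmPwdExtendedRights -Identity $WorkstationOU | Format-Table

# 4. Delegate read and reset rights to the help desk group only.
Set-AdmPwdReadPasswordPermission  -OrgUnit $WorkstationOU -AllowedPrincipals $HelpDeskGroup
Set-AdmPwdResetPasswordPermission -OrgUnit $WorkstationOU -AllowedPrincipals $HelpDeskGroup

# 5. Re-run the audit to confirm the delegation is exactly what was intended.
Find-AdmPwdExtendedRights -Identity $WorkstationOU | Format-Table

# 6. The Group Policy part is done in the GPMC: link a GPO to the OU and set
#    "Enable local admin password management" under
#    Computer Configuration > Administrative Templates > LAPS.

# 7. After the policy has applied on an endpoint, confirm a password is being
#    managed. Only the expiry is selected so the password is not printed.
Get-AdmPwdPassword -ComputerName $TestComputer |
    Select-Object ComputerName, ExpirationTimestamp
```

The client-side extension from the LAPS installer must also be present on each managed endpoint, otherwise step 7 returns no expiration timestamp.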